
Need Help with Strange JSR Call


BrashL
March 3rd, 2005, 10:02
Hi,
First post so go easy.

I'm working on a palm program using PalmDemon and PilotDis. I'm 99% sure I found the subroutine I need to patch, but instead of calling a specific location, the jsr is calling an address register that I can't figure out:

Code:
0003b37a 4eadf2a4 L7590 JSR -3420(A5)
0003b37e 4a00 TST.B D0
0003b380 4fef000c LEA 12(A7),A7
0003b384 6726 BEQ L7591
0003b386 206effee MOVEA.L -18(A6),A0
0003b38a 48680006 PEA 6(A0)
0003b38e 206dcbba MOVEA.L -13382(A5),A0
0003b392 20680014 MOVEA.L 20(A0),A0
0003b396 4868003c PEA 60(A0)
0003b39a 4e4fa0c5 TRAP #15,$A0C5 = sysTrapStrCopy
0003b39e 3f3c0571 MOVE.W #1393!$571,-(A7)
0003b3a2 4e4fa192 TRAP #15,$A192 = sysTrapFrmAlert
0003b3a6 4fef000a LEA 10(A7),A7
0003b3aa 6032 BRA L7593
0003b3ac 3f3c0572 L7591 MOVE.W #1394!$572,-(A7)
0003b3b0 4e4fa192 TRAP #15,$A192 = sysTrapFrmAlert
0003b3b4 486effee PEA -18(A6)
0003b3b8 600a BRA L7592


I've never seen this in any tutorials and I can't figure out where A5 is even populated. Any advice on where to look is greatly appreciated.

BrashL
March 6th, 2005, 20:50
OK, no takers on that one, let's see if anyone can help with this.

I was able to get a look at the subroutine that JSR calls, but I can't seem to find the spot where D0 is set to 0. I have a log of the last couple of lines before the test D0 and I have no clue what's going on. How is D0 being set back to zero?

Code:
D0:00002004 D1:00002000 D2:00000064 D3:0000A004 D4:0003F344 D5:74760001 D6:74766572 D7:0003A20A
A0:0003F344 A1:10C94E52 A2:0003F344 A3:0003E7D0 A4:0003A298 A5:000088BC A6:0003DB4E A7:0003DB0A
USP:00000000 PC:10C98B7C SR:0000A604
10C98B7C 46C0 MOVE.W D0, SR

an RTS line here

D0:00000000 D1:00000009 D2:00000050 D3:00000008 D4:0003DD76 D5:00000000 D6:00002746 D7:0003A20A
A0:0003CF86 A1:0003DC18 A2:00008D88 A3:00008B64 A4:0003DC6C A5:000088BC A6:0003DC7A A7:0003DC48
USP:00000000 PC:0008FB36 SR:0000A004
0008FB36 4A00 TST.B D0


I thought the TST.B D0 line is looking at D0, but now I'm wondering how the flag that gets set in the first line ties in.

Sorry if these are dumbass newbie questions, but I'm really trying to figure this out and nowhere have I found anything like this in a tutorial or paper. Appreciate any help.

lostson
March 11th, 2005, 16:01
hi there,

have you tried to use a debugger? tracing down the code may give you a better view on what's going on.

regards

ColdWinterWind
March 15th, 2005, 14:17
Quote:
an RTS line here


If the A#-A##'s are equivalent to REGISTER's EAX, EDX, etc., I'd say that the R(eady)T(o)S(end) event resets the A0 register to 0 to act as a # of bits sent counter, or some such.

Just a guess, though.

lostson
March 16th, 2005, 14:56
well...RTS is called RETURN FROM SUBROUTINE. it's just a simple return.

regarding the registers:

DXX = data registers
AXX = address registers (stack, etc)

the best way is to trace the code with a debugger (palmdebugger or southdebugger).

regards,

lostson
March 16th, 2005, 15:26
10C98B7C 46C0 MOVE.W D0, SR

well, brashl did not post the lines before this opcode...there he will find his answer.
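An added example, not posted by anyone in this thread, that models the three M68000 instructions the thread turns on: it decodes the raw word `4eadf2a4` as `JSR (d16,A5)` and resolves it with the A5 value from the trace, and it applies the condition-code rules of `TST.B`, `BEQ` and `MOVE.W Dn,SR` to constructed D0 values so the branch to L7591 can be predicted from the listing. Register values other than A5 are constructed samples.

```python
# Added example: a small model of the instructions discussed above.
# Encodings follow the M68000 manual; A5 is the value shown in the trace.

def decode_jsr_d16_an(word, disp):
    """Decode 'JSR (d16,An)': opcode 0x4EA8..0x4EAF, register in the low 3 bits.
    The 16-bit displacement word is sign-extended, so 0xF2A4 reads as -3420."""
    if word & 0xFFF8 != 0x4EA8:
        raise ValueError("not a JSR (d16,An) opcode: %#06x" % word)
    reg = word & 7
    d = disp - 0x10000 if disp & 0x8000 else disp
    return reg, d

def jsr_effective_address(word, disp, areg):
    """The JSR target is An + d16, fixed only at run time once An is loaded,
    which is why the disassembler cannot print a static label for it."""
    reg, d = decode_jsr_d16_an(word, disp)
    return (areg[reg] + d) & 0xFFFFFFFF

def tst_b(d0, sr):
    """TST.B Dn: N and Z come from the low byte only; V and C are cleared,
    X is kept. A value like 0x00000100 therefore tests as zero."""
    lo = d0 & 0xFF
    ccr = sr & 0x10                      # preserve X (bit 4)
    if lo & 0x80:
        ccr |= 0x08                      # N
    if lo == 0:
        ccr |= 0x04                      # Z
    return (sr & 0xFF00) | ccr

def beq_taken(sr):
    """BEQ branches when the Z flag (bit 2 of the CCR) is set."""
    return bool(sr & 0x04)

def move_w_to_sr(d0, sr):
    """MOVE.W Dn,SR replaces the whole status register, flags included."""
    return d0 & 0xFFFF

A5 = 0x000088BC                          # from the trace in the thread
JSR_WORD, JSR_DISP = 0x4EAD, 0xF2A4      # "4eadf2a4  JSR -3420(A5)"

def alert_reached(d0):
    """Follow 'TST.B D0 / BEQ L7591' in the listing: the taken branch shows
    alert $572, the fall-through path shows alert $571 after StrCopy."""
    sr = tst_b(d0, 0x2000)               # constructed SR: supervisor, no flags
    return 0x572 if beq_taken(sr) else 0x571
```

Because `MOVE.W D0,SR` overwrites the flags but `TST.B D0` recomputes them, the BEQ in the listing depends only on the low byte of D0 at the time of the test, not on the SR written earlier.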